Perl wrappers around the CGI protocol frequently make it too easy to write exploitable code by conflating GET and POST parameters. Implementers instead should be considering whether a given request is retrieving (GET) or modifying (POST) data.

This role removes access to params, parameters and param from Catalyst request objects, forcing users to use body_parameters and query_parameters instead.

Cross-site Scripting vulnerabilities are easy to introduce, and often subtle. While using this module reduces the threat surface a little, it in no way provides general protection from all (or maybe even most) attacks.